diff --git a/services/authelia/configuration.yml b/services/authelia/configuration.yml
new file mode 100644
index 0000000..bbd1f70
--- /dev/null
+++ b/services/authelia/configuration.yml
@@ -0,0 +1,18 @@
+theme: 'auto'
+
+access_control:
+ default_policy: deny
+ rules:
+ - domain: '*.gasdev.fr'
+ policy: one_factor
+server:
+ endpoints:
+ authz:
+ forward-auth:
+ implementation: 'ForwardAuth'
+session:
+ cookies:
+ - domain: 'gasdev.fr'
+ authelia_url: 'https://auth.gasdev.fr'
+ default_redirection_url: 'https://www.example.com'
+
diff --git a/services/authelia/default.nix b/services/authelia/default.nix
new file mode 100644
index 0000000..07f46de
--- /dev/null
+++ b/services/authelia/default.nix
@@ -0,0 +1,30 @@
+{...}: {
+ sops.secrets."authelia/JWT_SECRET".owner = "root";
+ sops.secrets."authelia/SESSION_SECRET".owner = "root";
+ sops.secrets."authelia/STORAGE_PASSWORD".owner = "root";
+ sops.secrets."authelia/STORAGE_ENCRYPTION_KEY".owner = "root";
+
+ services.caddy.virtualHosts."auth.gasdev.fr".extraConfig = ''
+ reverse_proxy http://127.0.0.1:9091
+ '';
+
+ virtualisation.oci-containers.containers = {
+ authelia = {
+ image = "docker.io/authelia/authelia:latest";
+ autoStart = true;
+ ports = ["127.0.0.1:9091:9091"];
+ environment = {
+ AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE = "/secrets/JWT_SECRET";
+ AUTHELIA_SESSION_SECRET_FILE = "/secrets/SESSION_SECRET";
+ AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE = "/secrets/STORAGE_PASSWORD";
+ AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE = "/secrets/STORAGE_ENCRYPTION_KEY";
+ };
+ volumes = [
+ "/run/secrets/authelia:/secrets"
+ "/etc/authelia/configuration.yml:/config/configuration.yml"
+ ];
+ };
+ };
+
+ environment.etc."authelia/configuration.yml".text = builtins.readFile ./configuration.yml;
+}
diff --git a/services/garage/garage.toml b/services/garage/garage.toml
index 687438d..b517365 100644
--- a/services/garage/garage.toml
+++ b/services/garage/garage.toml
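Review bot: The `default_redirection_url: 'https://www.example.com'` line under `session.cookies` still carries the placeholder value, so a user who lands on the portal without a target is redirected off to a third-party domain after logging in; it should name a host under the cookie domain, e.g. `default_redirection_url: 'https://www.gasdev.fr'`. The single `*.gasdev.fr` rule grants `one_factor` to every subdomain and rules are matched first-hit, so any host that should demand a second factor needs its own `two_factor` rule placed above it. The file declares no `authentication_backend`, `storage` or `notifier` section and the container in the sibling default.nix mounts only this one file, so presumably those come from environment variables not shown here — worth confirming the container actually starts.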
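Review bot: The `image = "docker.io/authelia/authelia:latest";` line pins nothing, so any restart of this `autoStart` container can silently pull a new release of the identity provider, including one whose config keys or secret-variable names differ from what this module sets; pin a version tag or digest, e.g. `image = "docker.io/authelia/authelia:<pinned-version>@sha256:<digest>";`. The secret directory and the configuration file are mounted read-write although the container only reads them; appending `:ro` costs nothing, `"/run/secrets/authelia:/secrets:ro"` and `"/etc/authelia/configuration.yml:/config/configuration.yml:ro"`. `AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE` is set, but neither this hunk nor configuration.yml configures a Postgres host or database, so presumably that lives elsewhere — confirm.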
@@ -9,7 +9,7 @@ compression_level = 2
 rpc_bind_addr = "[::]:3901"
 rpc_public_addr = "gasdev.fr:3901"
-rpc_secret_file = "/run/secrets/garage/rpc_secret"
+rpc_secret_file = "/run/secrets/garage/RPC_SECRET"
 [s3_api]
 s3_region = "garage"
diff --git a/services/i2p/default.nix b/services/i2p/default.nix
new file mode 100644
index 0000000..77b1c8f
--- /dev/null
+++ b/services/i2p/default.nix
@@ -0,0 +1,27 @@
+{...}: {
+ services.caddy.virtualHosts."console.i2p.gasdev.fr".extraConfig = ''
+ reverse_proxy http://127.0.0.1:7657
+ '';
+
+ services.caddy.virtualHosts."proxy.i2p.gasdev.fr".extraConfig = ''
+ reverse_proxy http://127.0.0.1:7657
+ '';
+
+ virtualisation.oci-containers.containers = {
+ uptime-kuma = {
+ image = "docker.io/geti2p/i2p";
+ autoStart = true;
+ environment = {
+ JVM_XMX = "256m";
+ };
+ ports = [
+ "4444:4444"
+ "6668:6668"
+ "7657:7657"
+ "54321:12345"
+ "54321:12345/udp"
+ ];
+ volumes = ["i2phome:/i2p/.i2p" "i2ptorrents:/i2psnark"];
+ };
+ };
+}
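Review bot: The container attribute on the `uptime-kuma = {` line is named after a different service while it runs the `geti2p/i2p` image, which reads like a copy-paste slip and will collide with any real uptime-kuma entry in the same `virtualisation.oci-containers.containers` set; rename it to `i2p = {`. The `ports` list publishes the router console (7657) and the HTTP and IRC proxies (4444, 6668) on every host interface, unlike the authelia module in this same commit which binds to `127.0.0.1:`, and the console is additionally exposed through `console.i2p.gasdev.fr` with no authentication in front of it, so bind those three to loopback and put the forward-auth endpoint this commit adds in front of the Caddy vhost. The `54321:12345` TCP/UDP mappings presumably are the router's inbound port and have to stay public — confirm. The `proxy.i2p.gasdev.fr` vhost proxies to 7657 exactly like the console vhost, so it probably meant 4444. The image carries no tag and therefore resolves to `latest`; pin a version or digest.
```nix
      i2p = {
        image = "docker.io/geti2p/i2p:<pinned-version>";
        # … unchanged: autoStart, environment …
        ports = [
          "127.0.0.1:4444:4444"
          "127.0.0.1:6668:6668"
          "127.0.0.1:7657:7657"
          "54321:12345"
          "54321:12345/udp"
        ];
        # … unchanged: volumes …
```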